Re: Update minimum SSL version - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Update minimum SSL version
Msg-id 20191205014823.GB5064@paquier.xyz
In response to Re: Update minimum SSL version  (Daniel Gustafsson <daniel@yesql.se>)
Responses Re: Update minimum SSL version
List pgsql-hackers
On Mon, Dec 02, 2019 at 02:09:51PM +0100, Daniel Gustafsson wrote:
> However, looking at the signatures detected by autoconf we can however get an
> idea of which version is used.  SSL_clear_options and X509_get_signature_nid()
> first shipped in 1.0.2, while SSL_get_current_compression first shipped in
> 0.9.8.  There are also a set of functions which are new in 1.1.0 (BIO_get_data
> et al.).

I was just looking at this problem, and something does not match with
what you wrote here.  SSL_clear_options() is defined in OpenSSL from
0.9.8 to 1.0.2 as a macro (see ssl/ssl.h), and is defined as a
function since 1.1.0.  So it seems to me that we are able to correctly
detect the presence of this function in the configure checks if
building with 1.1.0~, but not other versions.

In LibreSSL, the code has visibly always used a macro, even on their
latest HEAD since the code has been forked from OpenSSL 1.0.1g:
https://github.com/libressl-portable/openbsd.  So we should be able
to compile our code, still we fail to detect that we can use the
macro.

It seems to me that we have quite a couple of arguments in favor of
dropping this configure check altogether.  (I saw the business
around a364dfa as well regarding NetBSD 5.1).

We can do more cleanup, and the discussion is quite different than the
original intent of this thread, so I am going to create a new one on
the matter.
--
Michael
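
Added example, not part of the message above and not PostgreSQL or OpenSSL code: a self-contained C sketch of the macro-versus-function situation the message describes, showing why a link-based configure probe misses an API that the header provides only as a macro, while the call itself compiles in both layouts. Every `demo_*`/`DEMO_*` name, the value 77 and the `DEMO_API_AS_FUNCTION` switch are constructed stand-ins.

```c
#include <stdio.h>

/* Constructed stand-in for a TLS library header (not OpenSSL's own). */
typedef struct { unsigned long options; } demo_ssl;
#define DEMO_OP_NO_COMPRESSION 0x00020000UL

#ifdef DEMO_API_AS_FUNCTION
/* Newer layout: a real exported function, which a link probe can find. */
unsigned long demo_clear_options(demo_ssl *s, unsigned long op)
{
    return s->options &= ~op;
}
#else
/* Older layout: only the ctrl entry point is a symbol; the API is a macro. */
#define DEMO_CTRL_CLEAR_OPTIONS 77
long demo_ctrl(demo_ssl *s, int cmd, unsigned long larg)
{
    if (cmd == DEMO_CTRL_CLEAR_OPTIONS)
        return (long) (s->options &= ~larg);
    return -1;
}
#define demo_clear_options(s, op) demo_ctrl((s), DEMO_CTRL_CLEAR_OPTIONS, (op))
#endif

/* A link probe compiles "char demo_clear_options(); ... demo_clear_options();"
 * WITHOUT the header, so in the macro layout it hits an undefined symbol and
 * answers "no".  The preprocessor, which does see the header, can tell: */
const char *api_form(void)
{
#ifdef demo_clear_options
    return "macro";
#else
    return "function";
#endif
}

/* Caller code is identical for both layouts and needs no HAVE_* guard. */
unsigned long enable_compression(demo_ssl *s)
{
    demo_clear_options(s, DEMO_OP_NO_COMPRESSION);
    return s->options;
}

int main(void)
{
    demo_ssl s = { DEMO_OP_NO_COMPRESSION | 0x4UL };
    printf("form=%s options=0x%lx\n", api_form(), enable_compression(&s));
    return 0;
}
```

Building with `-DDEMO_API_AS_FUNCTION` switches to the function layout; a call wrapped in a `HAVE_*` guard fed by the link probe would be compiled out in the macro layout, leaving the option bit set.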
